Add possibility to use system CA

wazuh · Nov 12, 2024 · 1601c38 · 1601c38
1 parent e672982
commit 1601c38
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 0 deletions.
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
@@ -31,6 +31,7 @@
     },
   ],
 
+  $use_system_ca = false,
 ) {
 
   # assign version according to the package manager

diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -19,6 +19,8 @@
   $filebeat_fileuser = 'root',
   $filebeat_filegroup = 'root',
   $filebeat_path_certs = '/etc/filebeat/certs',
+
+  $use_system_ca = false,
 ) {
 
   package { 'filebeat':

diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb
@@ -17,8 +17,10 @@ output.elasticsearch:
   username: <%= @filebeat_oss_elastic_user %>
   password: <%= @filebeat_oss_elastic_password %>
   protocol: https
+<% if not @use_system_ca -%>
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
+<% end -%>
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
   ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
 

diff --git a/templates/wazuh_dashboard_yml.erb b/templates/wazuh_dashboard_yml.erb
@@ -12,5 +12,7 @@ opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "<%= @dashboard_path_certs %>/dashboard-key.pem"
 server.ssl.certificate: "<%= @dashboard_path_certs %>/dashboard.pem"
+<% if not @use_system_ca -%>
 opensearch.ssl.certificateAuthorities: ["<%= @dashboard_path_certs %>/root-ca.pem"]
+<% end -%>
 uiSettings.overrides.defaultRoute: /app/wz-home